| 12
 3
 4
 5
 6
 7
 8
 9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
 100
 101
 102
 103
 104
 105
 106
 107
 108
 109
 110
 111
 112
 
 | 
 
 
 from flask import Flask
 from flask import request
 import socket
 import hashlib
 import urllib
 import sys
 import os
 import json
 reload(sys)
 sys.setdefaultencoding('latin1')
 
 app = Flask(__name__)
 
 secert_key = os.urandom(16)
 
 
 class Task:
 def __init__(self, action, param, sign, ip):
 self.action = action
 self.param = param
 self.sign = sign
 self.sandbox = md5(ip)
 if(not os.path.exists(self.sandbox)):
 os.mkdir(self.sandbox)
 
 def Exec(self):
 result = {}
 result['code'] = 500
 if (self.checkSign()):
 if "scan" in self.action:
 tmpfile = open("./%s/result.txt" % self.sandbox, 'w')
 resp = scan(self.param)
 if (resp == "Connection Timeout"):
 result['data'] = resp
 else:
 print resp
 tmpfile.write(resp)
 tmpfile.close()
 result['code'] = 200
 if "read" in self.action:
 f = open("./%s/result.txt" % self.sandbox, 'r')
 result['code'] = 200
 result['data'] = f.read()
 if result['code'] == 500:
 result['data'] = "Action Error"
 else:
 result['code'] = 500
 result['msg'] = "Sign Error"
 return result
 
 def checkSign(self):
 if (getSign(self.action, self.param) == self.sign):
 return True
 else:
 return False
 
 
 
 @app.route("/geneSign", methods=['GET', 'POST'])
 def geneSign():
 param = urllib.unquote(request.args.get("param", ""))
 action = "scan"
 return getSign(action, param)
 
 
 @app.route('/De1ta',methods=['GET','POST'])
 def challenge():
 action = urllib.unquote(request.cookies.get("action"))
 param = urllib.unquote(request.args.get("param", ""))
 sign = urllib.unquote(request.cookies.get("sign"))
 ip = request.remote_addr
 if(waf(param)):
 return "No Hacker!!!!"
 task = Task(action, param, sign, ip)
 return json.dumps(task.Exec())
 @app.route('/')
 def index():
 return open("code.txt","r").read()
 
 
 def scan(param):
 socket.setdefaulttimeout(1)
 try:
 return urllib.urlopen(param).read()[:50]
 except:
 return "Connection Timeout"
 
 
 
 def getSign(action, param):
 return hashlib.md5(secert_key + param + action).hexdigest()
 
 
 def md5(content):
 return hashlib.md5(content).hexdigest()
 
 
 def waf(param):
 check=param.strip().lower()
 if check.startswith("gopher") or check.startswith("file"):
 return True
 else:
 return False
 
 
 if __name__ == '__main__':
 app.debug = False
 app.run(host='0.0.0.0',port=80)
 
 |